First, here is the GMER scan:
GMER Logfile:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-06 22:45:42
Windows 5.1.2600 Service Pack 3
Running: yhilzh3i.exe; Driver: C:\DOKUME~1\Dome\LOKALE~1\Temp\uwldqpog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA9F75300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7990300, 0x1BEE, 0xE8000020]
? C:\DOKUME~1\***\LOKALE~1\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[1448] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0x91 0x43 0x7F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA4 0x3E 0x42 0x54 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x68 0x37 0x43 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF8 0xCE 0xB2 0xD1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x42 0x99 0x13 0xCC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x37 0x77 0xC2 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0x91 0x43 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA4 0x3E 0x42 0x54 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x68 0x37 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF8 0xCE 0xB2 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x42 0x99 0x13 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x37 0x77 0xC2 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0x91 0x43 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA4 0x3E 0x42 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x68 0x37 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF8 0xCE 0xB2 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x42 0x99 0x13 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x37 0x77 0xC2 0x6E ...
---- EOF - GMER 1.0.15 ----
Then the one from OSAM:
OSAM Logfile:
Report of OSAM : Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:00:56 on 07.10.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.5.13
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
"viahdcpl.cpl" - "VIA Technologies, Inc" - C:\WINDOWS\system32\viahdcpl.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"RT73 USB Wireless LAN Card Driver" (RT73) - ? - C:\WINDOWS\System32\DRIVERS\rt73.sys (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HDAudDeck" - ? - C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1 (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
===[ Logfile end ]=========================================[ Logfile end ]===
And finally the small MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000004
Kernel Drivers (total 111):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7A88000 \WINDOWS\system32\KDCOM.DLL
0xF7998000 \WINDOWS\system32\BOOTVID.dll
0xF7458000 ACPI.sys
0xF7A8A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7447000 pci.sys
0xF7588000 isapnp.sys
0xF799C000 compbatt.sys
0xF79A0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B50000 pciide.sys
0xF7808000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7598000 MountMgr.sys
0xF7428000 ftdisk.sys
0xF79A4000 ACPIEC.sys
0xF7B51000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7810000 PartMgr.sys
0xF75A8000 VolSnap.sys
0xF7410000 atapi.sys
0xF75B8000 disk.sys
0xF75C8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73F0000 fltMgr.sys
0xF73DE000 sr.sys
0xF73C7000 KSecDD.sys
0xF733A000 Ntfs.sys
0xF730D000 NDIS.sys
0xF72F3000 Mup.sys
0xF7A24000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF7608000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6D15000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6D01000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6CD9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7618000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
0xF7858000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6CB5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7860000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7628000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7878000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7880000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A30000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7C14000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7638000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A38000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6C9E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7648000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7658000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF78B0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78C0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7668000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A90000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6C53000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6BF5000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A50000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7678000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7698000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A96000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xAA66E000 \SystemRoot\system32\drivers\viahduaa.sys
0xAA64A000 \SystemRoot\system32\drivers\portcls.sys
0xF76A8000 \SystemRoot\system32\drivers\drmk.sys
0xF7A9E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C50000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AA2000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7908000 \SystemRoot\System32\drivers\vga.sys
0xF7AA6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AAA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7918000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7928000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF72CF000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA5EF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF76C8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xAA596000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA56E000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA548000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF76D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA470000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xAA44E000 \SystemRoot\System32\drivers\afd.sys
0xF76E8000 \SystemRoot\system32\DRIVERS\Ip6Fw.sys
0xF76F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA423000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA3B3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7728000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7950000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAA395000 \SystemRoot\System32\Drivers\usbvideo.sys
0xF7768000 \SystemRoot\system32\drivers\usbaudio.sys
0xAA355000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AB2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7A3C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7988000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BA1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA249000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9FE0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9F75000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xF7870000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA9DE3000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9AAE000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9C83000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9887000 \SystemRoot\System32\Drivers\HTTP.sys
0xF78E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA915C000 \SystemRoot\system32\DRIVERS\rtl8187Se.sys
0xA9CBF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA9307000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA9BFF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 37):
0 System Idle Process
4 System
388 C:\WINDOWS\system32\smss.exe
448 csrss.exe
472 C:\WINDOWS\system32\winlogon.exe
516 C:\WINDOWS\system32\services.exe
528 C:\WINDOWS\system32\lsass.exe
680 C:\WINDOWS\system32\svchost.exe
740 svchost.exe
804 C:\WINDOWS\system32\svchost.exe
876 svchost.exe
944 svchost.exe
1040 C:\WINDOWS\system32\spoolsv.exe
1108 svchost.exe
1160 C:\Programme\Java\jre6\bin\jqs.exe
1208 C:\WINDOWS\system32\svchost.exe
1272 C:\WINDOWS\system32\searchindexer.exe
1768 C:\WINDOWS\system32\wbem\wmiapsrv.exe
1796 alg.exe
1816 wmiprvse.exe
2028 C:\WINDOWS\system32\wscntfy.exe
280 C:\WINDOWS\explorer.exe
432 C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
672 C:\Programme\Java\jre6\bin\jusched.exe
956 C:\WINDOWS\system32\igfxtray.exe
1144 C:\WINDOWS\system32\hkcmd.exe
1064 C:\WINDOWS\system32\igfxpers.exe
1480 C:\WINDOWS\system32\igfxsrvc.exe
900 C:\WINDOWS\system32\ctfmon.exe
2108 C:\Programme\Windows Desktop Search\WindowsSearch.exe
2144 C:\Programme\OpenOffice.org 3\program\soffice.exe
2156 C:\Programme\OpenOffice.org 3\program\soffice.bin
2620 C:\Programme\Mozilla Firefox\firefox.exe
1240 C:\WINDOWS\system32\svchost.exe
796 C:\WINDOWS\system32\searchprotocolhost.exe
2116 searchfilterhost.exe
2904 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600BEVT-11ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
So, I'm done too.
And how does it look? The results are pretty positive, right? ^^ If so, that would be really great =)
Regards,
Demonico